Cloud Computing Standards

The IETF issued what became standardized internet protocols. These standards insured the interoperability or plug-and-play of hardware, software, operating systems and websites.

What are the cloud computing standards under development today that affect cloud computing projects now and in the future?

The IEEE has been working on a set of cloud computing standards.

Working Group IEEE PS2301 is working on interoperability profiles for cloud portability and cloud interoperability; these standards would help everyone from cloud service providers to SaaS vendors to application programmers develop applications, virtualization methods and operating systems that all work with each other.

IEEE Working Group P2302 is focusing on interoperability between clouds, such as public and private cloud computing environments. This IEEE cloud standards WG is focused on trust infrastructure, auditability, gateways used to exchange data between clouds and name spaces.

As part of the IEEE’s Cloud Computing Initiative, the International Telecommunication Union put out a report on its study of the standardization ecosystem for cloud computing.

National Institute of Standards and Technology or NIST is developing standards along with the IEEE to improve cloud interoperability and security. NIST published a Cloud Computing Standards Roadmap, NIST 500-291, back in 2011. NIST cloud computing standards would primarily affect the federal government and defense contractors first, but the sheer size of that market would affect the whole cloud computing industry as a whole.

ANSI has adopted the Open Virtualization Format or OVF specification for distribution of software applications for use on virtual machines. This standard, INCITS 469, was published in 2010.

However, most cloud computing services and application developers are looking to ISO standards or standards in work by business groups instead of national standards organizations like ANSI International.

Many ISO standards like the ISO 27000 series should be met by cloud service providers. ISO 29361 addresses the basic profile necessary for web services inter-operability, often used by cloud service providers.

Other standards, like ISO 19770 for software asset management, are assumed to apply to installed software applications as well as SaaS. IT security on the cloud faces many challenges, such as the reliance on hypervisors and multi-tenancy. ISO standard 27017 specifically addresses cloud security.

Existing ISO IT security standards came from the IEC, but new standards are being developed by business groups comprised of users and cloud service providers. The ISO Joint Technical Committee 1, Subcommittee 38, is focused on creating standards for distributed application platforms and services, so we will eventually see ISO standards specifically for cloud computing.

The Distributed Management Task Force or DMTF is an industry organization that develops system management standards. DMTF has several working groups developing standards on auditing data on the cloud, how software licensing is handled and standards for how to manage virtualized environments.

DMTF is partnered with the Cloud Security Alliance. The Cloud Security Alliance is wholly focused on IT security matters, such as how to perform an IT security audit in an IaaS environment, the security controls framework to be used in a private cloud and certification of individuals trained specifically in cloud computing security.

The Cloud Standards Customer Council or CSCC describes itself as an end user advocacy group that is both pushing the adoption of cloud computing and contributing to standards for cloud interoperability and cloud security. Companies like IBM, Keycloud, Icloud, Cumulus Networks and Cisco are members of the CSCC.

The Open Cloud Consortium or OCC seeks to develop standards for cloud interoperability. The Open Grid Forum is developing standards specific to distributed computing.